CybersecurityListening in on hackers talking

If you are a hacker, you gather as much data as you can on your targets, in search of something valuable.

If you are researcher Hsinchun Chen, you gather as much data as you can on the hackers.

Chen, a professor of management information systems at the University of Arizona, works in a little-explored, but hugely important area of cybersecurity: Exploring the motivations of hackers and other cyberattackers, and trying to predict how they might act, based on their behaviors.

The NSF reports that with support from the National Science Foundation’s (NSF) Social, Behavioral and Economic Sciences directorate and the Directorate for Computer and Information Science and Engineering under the Secure and Trustworthy Cyberspace (SaTC) program, Chen and his collaborators have generated findings that shed light on how hacker communities interact and share information — and even created actionable intelligence for criminal investigations by federal agencies.

But the research’s goal is even more ambitious. Chen wants to develop models that might be able to take information on how hackers behave and use it to predict their next targets, as well as their methods for attack.

“The most important part isn’t looking back and saying ‘what have they done?’” Chen says. “It’s looking forward and saying ‘What are the emerging threats?’ We’re really trying to understand the intent of the people planning attacks. Instead of looking at the bullets, you’re looking at the shooters.”

The research holds significant promise for the social sciences, as well as information science. The team aims to develop and test theories about hacker cultures, based on their online interactions. That involves modeling the social attributes of hacker networks and investigating how their groups are organized.

Chen is hardly a stranger to this kind of work. For the past decade, he’s worked on—and headed—NSF-funded research projects that examine other potentially threatening online communities, producing a long trail of papers and tools along the way.

He developed COPLINK, a software system used by more than 3,500 law enforcement networks nationwide to look for information on drug networks, border smuggling operations and other criminal activity. With an international group of terrorism research centers and security agencies, he helped create the Dark Web project, which has tapped into extremist communications and social networks to generate one of the world’s largest databases of terrorist information.

Still, he said, tapping into hacker behavior has proved even more of a challenge.

“This community,” he says, “is even more tightly knit.”